Announcing the release of the secure boot system James Bottomley noted that the signed pre-bootloader was delivered by Microsoft on February 6th. “This was actually released to us by Microsoft on Wednesday 6 February, but with travel, conferences and meetings I didn’t really get time to validate it all until today.” Bottomley has released two validated files PreLoader.efi and HashTool.efi. Bottomley has also created a bootable mini-USB image that provides “an EFI shell where the kernel should be and uses Gummiboot to boot.”
The Linux Foundation started work on Secure Boot last year and announced back in October that its plan involved development of a pre-bootloader, which it will get signed by Microsoft. A signed pre-bootloader will allow for chain-loading of boot-loader of any other operating system thereby enabling users to install non-signed Linux distros on Windows 8 UEFI hardware. This signed pre-bootloader will greatly help smaller distributions that don’t have either the resources or time to get their own Microsoft-verified key.
A month later The Linux Foundation announced that the pre-bootloader has been delayed as they were having bizarre experiences with Microsoft sysdev centre. Microsoft had said at the time that the loader wasn’t singed properly and that they would require more time to sort out the issue.
Just last week Bottomley said the pre-bootloader was still in the works as a complete rewriting of the code was needed as it wasn’t working with simple Gummiboot EFI boot-loader because there are difference in the manner in which Gummiboot goes about booting its kernels as compared to other alternatives such as shim.
More details can be found on Bottomley’s blog.